0b5fe211d558daa7d54207d2869f53d0a91ae16397343fd2605fd3a0f292dd21 | Triage

Sharing

General

Target

BrowserTool.exe
Size

99.6MB
Sample

240903-z3sd1aybqe
MD5

f489556fdde15b99e202a06f0cf513aa
SHA1

dc7991c837e336484d9bcd56fbe42129cc5a62d0
SHA256

0b5fe211d558daa7d54207d2869f53d0a91ae16397343fd2605fd3a0f292dd21
SHA512

dd87414e68ba61a6821d27853c45399193520d090fc9f69f7c4bd5ba1cc591e0384d680c454525d99d95f0b880cc50dffcca201d838d3c8f2d595ba27eda0cdd
SSDEEP

786432:d0urM/MqRmUT0kBKpM6i8nOhxYjjCmrkIvchTJCILjXvxscyQZfbyrBovl+4BPbG:d0XvQAsKlJGkzR21vYdsj

Score

10^/10

credential_access discovery spyware stealer

Malware Config

Targets

- Target
  
  BrowserTool.exe
- Size
  
  99.6MB
- MD5
  
  f489556fdde15b99e202a06f0cf513aa
- SHA1
  
  dc7991c837e336484d9bcd56fbe42129cc5a62d0
- SHA256
  
  0b5fe211d558daa7d54207d2869f53d0a91ae16397343fd2605fd3a0f292dd21
- SHA512
  
  dd87414e68ba61a6821d27853c45399193520d090fc9f69f7c4bd5ba1cc591e0384d680c454525d99d95f0b880cc50dffcca201d838d3c8f2d595ba27eda0cdd
- SSDEEP
  
  786432:d0urM/MqRmUT0kBKpM6i8nOhxYjjCmrkIvchTJCILjXvxscyQZfbyrBovl+4BPbG:d0XvQAsKlJGkzR21vYdsj
Score

10^/10

credential_access discovery spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

credential_accessdiscoveryspywarestealer